The Ugandan Jobline

• Support
  in conducting effective local risk assessments to assess all new IT
  systems or Processes, clearly identifying the risks and issues and the
  controls and measures required to mitigate those risks / issues.
• Regularly
  review and identify new risks that may be introduced into the business by
  any proposed change to IT Systems or Processes
• Assist
  in undertaking local 3rd Party Due Diligence for critical IT Vendors and
  Service Providers
• Conduct
  IT Security Controls Snap checks (CSA) and monitor IT Security activities
  e.g. application & system controls, physical and logical access
  security controls, review of disaster recovery and back-up procedures,
  media storage
• Report
  on the compliance levels and provide comprehensive MI reporting
• Expeditiously
  follow-up on any IT Security weaknesses identified and put in place
  effective measures to safeguard the bank’s IT resources, information and
  reputation.

• Assist
  in setting and measuring technology risk thresholds and the related key
  indicators.
• Ensure
  roles & responsibilities are defined and agreed for metric collation
  and ownership
• Ensure
  that Key Risk Indicators are monitored by Technology Senior Management,
  reasons for out of threshold indicators are defined and remediation is
  actively monitored.
• Ensure
  alignment of KRI position and CSA results

• Review
  major incidents (severity 1, 2 and 3), identify root cause assess impacted
  control objectives and ensure consistency with CSA
• Work
  closely with the Group Key Risk Owner, Operational Risk management and the
  central Technology Risk team define the loss / risk appetite for the
  country.
• Analyse
  TKR loss data and conclude on required actions to prevent exceeding loss
  budget
• Ensure
  that loss events are correctly attributed to TKR where applicable.

• Ensure
  action owners compile their own closures and define ongoing management
  controls
• Ensure
  that defined action plans are agreed with the responsible assurance
  providers and trackers are defined detailing actions, sub actions,
  deliverables, evidence, control maturity and action owners.
• Provide
  regular status update report to senior management commensurate with item
  status (at risk, on track, overdue)

• Ensure
  that all high/medium risk projects in the area are identified and RAG
  status from a risk perspective is tracked
• Ensure
  that ORIAs are completed, required actions taken and operational risks
  being migrated into production are defined, understood, accepted (RFNC)
  and remediation planned for all high/medium risk projects
• Ensure
  that high probability and high impact items on top project risk logs have
  adequate remedial actions defined.
• Be
  involved in project assurance reviews, as managed by the central project
  assurance team, where required.

• The
  ideal candidate should hold a Bachelor’s degree in Computer Science/
  Information Systems / Information Technology or a relevant degree.
• Professional
  CISA/CRISK/CISM Certification
• Degree
  level education in an analytical subject would be beneficial
• At
  least two years’ experience and exposure to the Banking/ ICT Industry
• Displaying
  a thorough understanding of technology strategic issues in the banking or
  financial services sector
• Highly
  confident and motivated leader, with proven experience in motivating
  regional and global teams in a challenging, high pressure environment
• Good
  knowledge and understanding of ITIL processes and associated concepts will
  be an added advantage.
• Strong
  customer liaison and relationship management skills
• Possess
  excellent communication and presentation experience;
• Ability
  to work under pressure, take clear ownership of issues and projects and
  drive to ensure a successful closure for the customer, peers and IT
  Production;
• Familiarity
  with ITIL-style management procedures and mainstream project management
  styles a distinct advantage;

Related Jobs